bugzilla -- cross-site scripting vulnerability

Details

VuXML ID

97c3a452-6e36-11d9-8324-000a95bc6fae

Discovery

2004-12-01

Entry

2005-01-24

A Bugzilla advisory states:

This advisory covers a single cross-site scripting issue
that has recently been discovered and fixed in the
Bugzilla code: If a malicious user links to a Bugzilla
site using a specially crafted URL, a script in the error
page generated by Bugzilla will display the URL unaltered
in the page, allowing scripts embedded in the URL to
execute.